========================================================
+HCU Maillist Issue: 261                      07/06/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Free email security
#2 Subject: hi all from the basque country!

ARTICLES:

-----#1-------------------------------------------------
Subject: Free email security

Thought this piece from Junkbusters and the corresponding article from CNET may interest a few people using free email services.

Web-based email from Hotmail sometimes leaks email address

Junkbusters reported a privacy bug in Hotmail and Excite's free email to CNET. If you use one of these web-based email services (and possibly others) and click on a URL in an email sent to you, your email address may be revealed to that site.

To test whether you are exposed to the bug, follow this procedure:

1. Send an email to your account containing the URL ******************************************
2. Get into your web-based email and click through on that link.
3. Look under the second heading, "How they know where you came from", and look at the value of the "HTTP Referer". Does it contain your login name anywhere? If so it could be extracted.

This information is recorded by most sites, including ours. We don't plan to spam you or sell the information that you visited our site, but others might.

What should you do if you are being exposed? Excite announced that they will fix the problem, but what to do in the meanwhile? The easiest way is simply not to click through when in email. If you need to go to a site, cut and paste the URL into the Location field instead (or use the Open Page command). If you use the Internet Junkbuster it removes referer information, but this isn't always available while traveling.
Later
Vrax

-----#2-------------------------------------------------
Subject: hi all from the basque country!

Well, here's my first email. My name's karlitoxZ and I've been cracking for 2 months (a real newbie!). I've cracked 10 proggies at the moment, all of them using dead listing; I've a lot of problems with SoftICE (nothing personal ;P). Well, a little introduction to karlitoxZing....

Here's my first problem: I'm trying to crack Visual Route 3.2b, written in Java. With dead listing there are no good data refs, and with SoftICE no possible break; the common GetWindowTextA, GetDlgItemInt and so on don't work. The program starts loading a dialog box. What's the function in Java for catching the data inserted in the window? Where can I start to trace the info I've put in the window?...

Second problem, and the most important: my English is very poor, as you can see. I usually speak Spanish and Euskera, and in my country no good crackers want to help me. Is there any person who speaks Spanish or Euskera? It's very difficult for me to explain my doubts in English...

That's all folks! Lots of thanks!

=====End of Issue 261===================================

========================================================
+HCU Maillist Issue: 262                      07/07/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: CrypKey Protection
#2 Subject: To karlitoxZ

ARTICLES:

-----#1-------------------------------------------------
Subject: CrypKey Protection

Hi +Dynamite :-)

Read your message here. I would work on this protection, because I d/l'd Systran Personal last week. I will begin with it this or next week. Interested?
byez,
NiKai (5777852 ICQ)

______________________________________________________
Get Your Private, Free Email at **********************

-----#2-------------------------------------------------
Subject: To karlitoxZ

I speak Spanish, I am Mexican. Get in touch with me at ***************** and we can try and solve things together. I have never tried to crack a Java app, but 2 brains (or yours and half of mine) think better than 1.

Adios :)

______________________________________________________
Get Your Private, Free Email at **********************

=====End of Issue 262===================================

========================================================
+HCU Maillist Issue: 263                      07/08/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: wise installation serials
#2 Subject: Secure Chat
#3 Subject: CrypKey Protection (To NiKai)

ARTICLES:

-----#1-------------------------------------------------
Subject: wise installation serials

Hi all,

I have been looking for information on cracking the Wise installation system. I had hoped there would be at least an article on how to do it (of course I had hoped there would be a decompiler like the one for InstallShield: great work Natzgul! Thanks for the contribution).

All I found is that the main setup program creates a temporary DLL in the \windows directory. This DLL contains the serial routine... When I break in this routine I get lost in the cmp's and the jmp's.

Can anyone point me to an article or give me some info on how to do this?

thanks...
dbr

______________________________________________________
Get Your Private, Free Email at **********************

-----#2-------------------------------------------------
Subject: Secure Chat

I've just finished writing an assembly implementation of RC4 and it reminded me of a post by gthorne asking about secure chat. I think that RC4 could be used to encrypt 'IRC type' chat sessions. Unfortunately, I don't have any experience of socket programming. If anyone does have this experience and wants to collaborate on this please email me. I prefer to work in assembly, but will work in C/C++ (I expect it may be easier to work in C for the comms side of things). If someone already has source that will accept an IP address and connect and chat, I can easily modify it to encrypt and decrypt the data.

Perhaps I should look into socket programming. Anybody got some tips/refs/urls?

BTW, does anyone know if mIRC has a plug-in feature which will make this easier? Perhaps I could try hacking the DCC chat part of mIRC. This would be more convenient but could also be quite messy. I'll also write to the author and ask him to put encryption in as an extra option - after all, there's very little code to add.

~~ Ghiribizzo

-----#3-------------------------------------------------
Subject: CrypKey Protection (To NiKai)

Hi NiKai,

I'm interested in your work on Systran Personal. But in a few days I will have no net access until 08.03.98 :-(
After this I can work on it.

l8er,
Dynamite
*******************

=====End of Issue 263===================================

========================================================
+HCU Maillist Issue: 264                      07/09/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Mathematical Reversing stuff...
#2 Subject: Pirates protect themselves (MP3 and Sentinel)
#3 Subject: Whining for hints;)

ARTICLES:

-----#1-------------------------------------------------
Subject: Mathematical Reversing stuff...

Hey all,

I need help forming this asm code first into pseudo C code and then into a mathematical function. Underneath this asm code is my half-complete to-C conversion; any help and corrections are _greatly_ appreciated...

0137:00443C81  MOV  ECX,[004C1248]     ; Load the value of [004C1248] in ecx
0137:00443C87  MOV  EAX,834E0B5F       ; result of ecx*0x834E0B5F is
0137:00443C8C  IMUL ECX                ; stored in edx:eax
0137:00443C8E  ADD  EDX,ECX            ; Add the original number to edx,
0137:00443C90  PUSH ESI                ; which is the high order dword
0137:00443C91  SAR  EDX,10             ; shift right while preserving the
                                       ; sign-bit
0137:00443C94  MOV  EAX,EDX            ; discard the low-order dword
0137:00443C96  SHR  EAX,1F             ; Is edx signed ?
0137:00443C99  ADD  EDX,EAX            ; if so, add one
0137:00443C9B  LEA  EAX,[EDX*8+EDX]    ; multiply by 9, discarding high-
                                       ; order dword
0137:00443C9E  SHL  EAX,03             ; This here multiplies by 8
0137:00443CA1  SUB  EAX,EDX            ; EDX is subtracted once
                                       ;
0137:00443CA3  LEA  EAX,[EAX*4+EAX]    ; multiply by 5
0137:00443CA6  SHL  EAX,1              ; multiply by 2
0137:00443CA8  SUB  EAX,EDX            ; subtract EDX once more
0137:00443CAA  SHL  EAX,02             ; divide by 2
0137:00443CAD  MOV  ESI,EAX            ;
0137:00443CAF  MOV  EAX,ECX            ; original value in eax once more
0137:00443CB1  CDQ                     ; extend to quad word in edx:eax
0137:00443CB2  MOV  ECX,0001F31D
0137:00443CB7  IDIV ECX                ; divide EDX:EAX by ECX, storing the
                                       ; result in EAX and the remainder in
                                       ; EDX.
0137:00443CB9  IMUL EDX,EDX,000041A7   ; multiply EDX (the remainder) with
                                       ; 0x41A7
0137:00443CBF  SUB  EDX,ESI            ; subtract the result from the value
                                       ; we had in ESI.
0137:00443CC1  TEST EDX,EDX            ;
0137:00443CC3  MOV  [ESP+04],EDX       ; Move it where the original arg to
0137:00443CC7  JLE  00443CD1           ; the function was and back
0137:00443CC9  MOV  [004C1248],EDX

Well, here's my variant of it (Var is the dword at 004C1248):

    unsigned long Var, Temp1, Temp2;
    Temp1 = ((Var * 0x834e0b5F) >> 32) + Var;
    Temp1 = Temp1 / 1024;
    if (Temp1 < 0) Temp1++;
    Temp2 = (Temp1 * 709) / 2;
    Temp2 = Temp2 - (Var % 0x41A7);
    Var = Temp2;

This is far from complete, but I tried to group it together as well as possible... :-/ The programmer had a faible for math apparently...

Does anyone have experience with a C decompiler? Would it work on such a short piece of ASM code as the one up there?

Thanks in advance
HalVar (heavy at work)

-----#2-------------------------------------------------
Subject: Pirates protect themselves (MP3 and Sentinel)

Hi,

In my humble opinion MP3 was created for easy copying and distribution of music, and now........ they're gonna protect these files with hardware keys.....

********************************
********************

The reason I posted this is because "uswk" talks about protecting EVERY file with "ONE" hardware key...... so a TSR emulating this key should be enough, or am I wrong??? (They are using SENTINEL hardware keys.)

*******************

-----#3-------------------------------------------------
Subject: Whining for hints;)

Hi all.

Wonder if someone here would care to give me some hints. A friend asked me to unlock AutoCAD v13 r2. He has the CD but not the "Personalization Disk", or the hardware key..) InstallShield is used for the installation to hard disk.

First of all I tried NaTzGUL's decompiler, but it gave up with the error: "RichEdit line insertion error"

Then I watched what files InstallShield copied while it started, and, ahh!, there I found various .exe's and .dll's in the windoze/temp dir. Running them in IDA and WDasm showed some promising entry points for my attack.
But then I ran into problems :( Is there a way to force InstallShield to use my "modified" file(s) instead of the ones it creates during start? Or is it only possible to attack it with SoftICE live? BTW, it always creates a new subdir under /temp during install.

Any suggestions are welcome, also as to other attack points. You can also mail me at **********************

And +fravia, hope you keep working on your fantastic site!

IceGator

______________________________________________________
Get Your Private, Free Email at **********************

=====End of Issue 264===================================

========================================================
+HCU Maillist Issue: 265                      07/11/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Bans

ARTICLES:

-----#1-------------------------------------------------
Subject: Bans

Hello Everyone

The following is probably banal to most, but maybe of interest to someone. My ISP has increased the number of bans: geocities.com, home.ml.org, etc. (all the good sites :) ), thus making the situation intolerable. To overcome this I use another proxy server. There is a list at a site from a link at Malattia's website (to give him credit for linking it).

Does anyone know of other techniques? I am not interested in damaging my ISP, I just want the freedom to go to any URLs and use IRC and News if I wish.

Cheers
Rundus

______________________________________________________
Get Your Private, Free Email at **********************

=====End of Issue 265===================================

========================================================
+HCU Maillist Issue: 266                      07/12/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Re: Secure Chat

ARTICLES:

-----#1-------------------------------------------------
Subject: Re: Secure Chat

Hi Ghiribizzo,

>experience and wants to collaborate on this please email me. I prefer to
>work in assembly, but will work in C/C++ (I expect it may be easier to work
>in C for the comms side of things).

I would suggest you encapsulate your work in a set of routines callable from any high-level language.

>If someone already has source that will accept an ip address and connect
>and chat, I can easily modify it to encrypt and decrypt the data.

A friend of mine has such a program, written in Delphi. I haven't got the sources, but I've seen it in action and it's very good. It doesn't follow IRC specifications but I think it wouldn't be difficult to set it up as a mIRC plugin.

>Perhaps I should look into socket programming. Anybody got some
>tips/refs/urls?

The most common reference are the RFCs at *****************
But for a higher level approach there's a very good book about winsock programming. I don't have the ISBN right now.

>Perhaps I could try hacking the DCC chat part of mIRC.

DCC will only give you support for one-to-one chat.

best regards
+trurl

=====End of Issue 266===================================

========================================================
+HCU Maillist Issue: 267                      07/13/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: A nice protection
#2 Subject: secure chat
#3 Subject: for Ghiribizzo

ARTICLES:

-----#1-------------------------------------------------
Subject: A nice protection

Hi,

in the last three months I've seen a nice protection used by two games. Did anybody ever care about copying games with a CD-R recorder??

Little digression
~~~~~~~~~~~~~~~~~
On a CD-R there is space for about 650 MB (or 74 min), as nearly everybody knows. But on some commercial disks there are more than these 650 MB. This is because they have the technical possibilities when producing them in the factory. Another important fact is that there are generally two kinds of tracks: data tracks and audio tracks. And if both are on a disk, they can be arranged only in this order.
End of digression
~~~~~~~~~~~~~~~~~

But back to the two games. They are German games, so I will refer to them by calling them the first and the second game. The first is called "Anno 1602" and is a kind of Colonization; the second one is called "Commandos, behind enemy lines" and is a kind of "Cannon Fodder", but much more complex. Both are really good and seem to be best sellers this summer (at least in Germany).

The first one was protected quite easily. The data track was about 76 or 78 minutes. But this was no problem. I replaced some of the 20 MB wave files with smaller ones and so I reduced the size of the track to 650 MB. But after making a copy of the new track, the game still asked for the original disk. After debugging a bit I found that it checks the size of the disk. If it isn't larger than XXX MB, it isn't the original disk. This was not very difficult.

The second game was protected in a much more difficult way. The first thing you see when opening the disk is that there are four files, each with a size of around 680 MB. Actually, this shouldn't be possible, but they did it.
I started Filemon and it told me that the four files are opened, seeked to a position somewhere near the end, and one block of data (4096 bytes) is read. I opened one of the files with UltraEdit after disabling the "create temp file" option. The first few KB of the file were readable, but then I got a read error. I wrote a short program which opened one of the files, seeked to the position and read a block of 4096 bytes. Surprisingly the first byte of this block was not zero (the rest was, everywhere in the file).

By using SoftICE I found that the file is checking the four files by opening them, seeking to a position far behind and reading one byte. This byte is compared. If it is right --> good guy, else bad guy.

The patch was quite easy to perform. I created a new file which had the four different bytes. Then I patched the EXE to access this new file and to read from the new positions. Surprisingly it worked.

I do not know exactly how they arranged it to get the files (the large ones) to act like they do. They used a quite unconventional construction for the tracks. The first one was the data track with all the normal files on it. Then followed an audio track which was totally empty. The next track was an audio track again, not totally without contents but only with some noise on it. The last one was a data track again. Normally, this kind of order is illegal. All together these tracks are about 76 minutes, that's why a simple CD copy will not work.

Both these protections have two things in common: they both play with the limited size of CD-Rs, and both of them can't be kicked that easily by someone without the knowledge of cracking.

A few years ago, as the first games were released on CD, it wasn't possible to copy them because they were about 400 or 500 megs and nobody could afford to spend that much space for a game. The game's protection relied only on the size of the game. Cracking games wasn't needed any more.
That's maybe why famous cracking groups like "Razor 1911" retired.

Bye till next time
TWD

P.S.: Fravia, if you want this as an essay, then tell me and I will reformat and polish it.

-----#2-------------------------------------------------
Subject: secure chat

To: All on list/on IRC

Thanks for the help regarding chat / socket programming. I found a Delphi chatter source and have modified it. I have uploaded the preliminary version to *************************************** (or something like that)

Note that this version is NOT secure (uses XOR encryption with a one byte key :) I've tested it using an IP of 127.0.0.1 but haven't tried it over the net. One person told me that it didn't work over his TCP/IP intranet, so I am reluctant to continue development on it until I can confirm it works over the internet (after all, I wrote none of the socket code and don't fancy my chances of fixing any bugs there).

~~ Ghiribizzo

-----#3-------------------------------------------------
Subject: for Ghiribizzo

Hi All, hi Ghiribizzo! :))

I'd like to help you... well, to tell you the truth I don't think I have enough knowledge to teach you something, but I'm studying socket programming too and I've made some researches because I want to program a "smtp gateway", a tool that should help everybody to send anonymous/encrypted mail... searching info for my work I saw some sites about programming/socket programming that could be useful for both of us... if you want we can talk about it here on the ml, otherwise you can mail me (same old adr) and then we could post here just the new things we discover... :)

byez,
.+MaLaTTiA.

=====End of Issue 267===================================

========================================================
+HCU Maillist Issue: 268                      07/14/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: for Ghiribizzo and .+MaLaTTiA.
#2 Subject: Secure chat.
#3 Subject: smtp mailer
#4 Subject: thanx :)

ARTICLES:

-----#1-------------------------------------------------
Subject: for Ghiribizzo and .+MaLaTTiA.

RE: sockets

Working with sockets ain't hard if you are prepared to use some RAD tool (like Delphi/C++Builder). I have my own FTP/POP/SMTP/HTTP clients - if you have any question contact me.

Jack of Shadows
************************

-----#2-------------------------------------------------
Subject: Secure chat.

Hello..

After reading Ghiribizzo's letter about secure chat, I've got the following idea: we can use a normal IRC channel for secure communication. (Everything from now on will be theory because I've never tried to program an ircii/BitchX/mIRC plugin.)

Let's assume that every person who wants to communicate securely knows the secret key (more about it later). The only things to implement then are:

a) a /changekey function that will change the current key

b) in an event of and before the line will be sent to the server, everything should be encrypted with a block or stream cipher of our choice (we should consider the speed); later on it should be converted to ASCII (like PGP or uuencode does) to prevent any distortions and preceded by a special mark like . Now every line told by us to the channel will look like this:

   asHJAu12yjshaywepa;jdaDUJSYQO21kl and so on

c) every line that comes from the channel should be checked for the mark and then decrypted using the current key

In case we don't know the key, we won't see anything except senseless noise. Everything above should be possible to implement in all environments. The only problem is the key, but we can:

a) share it via PGP-encrypted e-mail

b) implement a public key strategy of exchanging it via our IRC clients.
In the initial state of development the first solution looks better..

Is any1 interested in implementing this?

BruSH

-----#3-------------------------------------------------
Subject: smtp mailer

+MaLaTTiA,

>>>
too and I've made some researches because I want to program a "smtp gateway", a tool that should help everybody to send anonymous/encrypted mail... searching info for my work I saw some sites about programming/socket
<<<

I wrote one of these (again Delphi based). I'll see if I can dig up the source code. In any case, I plan to re-write it with better Usenet support. I'll probably email you sometime.

~~ Ghiribizzo

-----#4-------------------------------------------------
Subject: thanx :)

Jack of Shadows, Ghiribizzo, THANX a lot :) I'll mail you ASAP and tell you what I'm planning to do... I think the program I have in mind could be quite useful but I'm afraid I need some help... I don't have much time and every help/piece of source code will be appreciated! ;)

Ghiribizzo, I'm still collecting links/info about socket programming and communications/IRC/DCC... not much, but I think you can find something useful there... send me a mail if you're interested! :)

byez,
.+MaLaTTiA.

=====End of Issue 268===================================

========================================================
+HCU Maillist Issue: 269                      07/16/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Nice Delphi cracking tool
#2 Subject: Ghiribizzo, +Rezident, +Aesculapius and greetz (by fravia+)

ARTICLES:

-----#1-------------------------------------------------
Subject: Nice Delphi cracking tool

******************************************

Now, I don't like cracking RAD developed programs, but someone wrote a crackme in Delphi?!!??
I use passive techniques almost exclusively now, and exe2dpr combined with IDA cuts through the crackme in an amazing manner! Am I the only one, or is everyone else an IDA convert? Also, do you still use SICE or, like me, do you find it too 'bulky' and too much of an overkill?

~~ Ghiribizzo

-----#2-------------------------------------------------
Subject: Ghiribizzo, +Rezident, +Aesculapius and greetz (by fravia+)

Ghiribizzo,
By all means, please send an essay on this interesting stuff. Commandos seems to be Spanish, not German, please check. (Target's programmers are quite smart, judging from their graphical implementation, no wonder that they devised a new protection scheme...) If you can, please send before end July (see below).

+Rezident
There's something funny going on, anyway all my non-anonymous emails to you seem to be blocked and the other way round too. Please set up a new bogus account and try probes to my yahoo account. Awaiting your (promised?) gettysburg reversing. Your last essay will be published asap. If you can, please send before end July (see below).

+Aesculapius
The+Q's strainer solution seems VERY GOOD to me (best until now). Your opinion?

+All
Have nice holidays, friends, see you later (I'll not want any Internet access until September, page will be frozen, +gthorne has the keys if needs be). Don't forget to send your own strainer's solutions to +Aesculapius, this year's strainer has already been attempted and/or solved by some GREAT crackers and reversers (really great personages), so don't underestimate and don't miss it (you would regret it later... it's really a nice and interesting task!)

later +friends
Your fravia+, sailing away -very soon- for a whole month :-)

=====End of Issue 269===================================

========================================================
+HCU Maillist Issue: 270                      07/16/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: About the nice protection
#2 Subject: Bad messages

ARTICLES:

-----#1-------------------------------------------------
Subject: About the nice protection

Fravia wrote about "Commandos", its programmers and its protection. I'm sure Ghiribizzo can crack it too, but this time I was a bit (only a little bit) faster. I would surely prepare an essay about how to crack it, but tomorrow I'm leaving for a 14-day holiday trip. That's why I will send it later.

Commandos is maybe a Spanish game (the subdirectories have funny names like "Datos"), but I saw it in Germany and I cracked the German version. But I don't think that matters in any way, they will only change the speech files.

See you in two weeks.

Bye till next time
TWD

-----#2-------------------------------------------------
Subject: Bad messages

Hi +all! :)

I'm receiving some "bad messages" and I cannot include them in the ml... well, they're not really bad, but THEY ARE NOT PLAIN TEXT. One example is Huangfei's message I posted some time ago... please, if you are using a mailer which lets you compose formatted messages or html documents, PLEASE configure it so you can send your articles to the ml in PLAIN TEXT format... please... :)

I'm not able to process them and make them plain text, so they cannot be published even if I receive them (Huangfei, I received your "MFC entry point" message, but I got it as a base64 attachment... I'm sorry but I cannot publish it unless you send it in plain text).

I've added this request in the welcome message, so whoever subscribes to the list will be immediately asked to post only text messages... so I think this can become a RULE if you like...
:) I don't want to impose myself of course, but I think that, even if it can be boring work for you to configure your mail program or to send your mails with another, it would be worse for me because I would have to process messages from A LOT (and believe me when I say A LOT) of subscribers... (even if most of them don't write very much... COME ON!!! Write something! :))

Another thing. I've seen there are various problems with the list: someone told me he couldn't post messages to the iname address (but, I think, the messages I get are sent to this address too, so maybe the problem is at the source); someone else told me some of his articles were not published: if so, please TELL ME, sending another copy of it to the hcuml address and asking me to check if I get it (with a mail to the manchu address). If there's any problem contacting me at the manhcu adr, you can mail me directly at my old address *****************

Anybody of you using usa.net found something strange in the last period? I have to check various POPs and it's AWFULLY buggy... a few times it tells me it cannot connect, then it logs in and tells me there are no messages (even if I've seen them online in the mailbox!). Then it tries to retrieve the messages but it gives an error telling me it cannot open the mailbox. AH! I've made my usa.net address forward all the mails to another adr, but I'd like to know if these probs happen just to me or are due to some lacks at the usa.net server (I've seen that they're goin' to upgrade somethin' on saturday... maybe they did not have any more space left! :)

Well, I think I've told you everything. The only thing I want to repeat is: if there's ANY problem, mail me immediately and I'll try to solve it ASAP. The ONLY thing I want is making this ml reach your mailboxes, so I'll do all I can to send it to you!

byez,
.+MaLaTTiA.

=====End of Issue 270===================================
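Editor's worked example for HalVar's listing in issue 264 (#1). This C is added here and is not code from the list or from HalVar; it follows the fragment at 00443C81..00443CC9 instruction by instruction and sets it beside the arithmetic the fragment reduces to. Two things SoftICE's hex immediates hide: SAR EDX,10 shifts by 16 (not by 10), and SHL EAX,02 multiplies by four rather than dividing by two. The multiply by 0x834E0B5F, add, shift and sign fix-up is the compiler's idiom for a signed division by 0x1F31D (127773) truncated toward zero, and the 9/x8/-1/x5/x2/-1/x4 chain builds 2836, so the value stored is 16807*(v mod 127773) - 2836*(v div 127773). Those constants satisfy 2^31-1 = 16807*127773 + 2836, i.e. Schrage's decomposition of the multiplier-16807 generator; the code at the JLE target 00443CD1 is not in the listing, so the example only models the conditional store that is visible. The names step_asm, step_math, magic_div and g_var are this example's own.

```c
/* Added example (not from the +HCU list or HalVar's post): C re-expression
 * of the fragment 00443C81..00443CC9 from issue 264 (#1).
 * step_asm() mirrors the instructions with 64-bit intermediates where the
 * CPU uses EDX:EAX; step_math() is the arithmetic they reduce to.
 * Names step_asm, step_math, magic_div, g_var are this example's own. */
#include <stdint.h>
#include <stdio.h>

/* 0x834E0B5F read as a signed 32-bit value, which is how IMUL treats EAX. */
#define MAGIC (-2092037281LL)

/* Stand-in for the dword at 004C1248 (the listing's global). */
static int32_t g_var = 1;

/* MOV EAX,834E0B5F / IMUL ECX / ADD EDX,ECX / SAR EDX,10 / SHR EAX,1F /
 * ADD EDX,EAX: multiply-by-magic division by 0x1F31D = 127773, truncating
 * toward zero (valid for every signed 32-bit input). */
static int32_t magic_div(int32_t v)
{
    int64_t prod = (int64_t)v * MAGIC;   /* EDX:EAX = v * magic (signed)   */
    int64_t edx  = (prod >> 32) + v;     /* high dword, then ADD EDX,ECX   */
    edx >>= 16;                          /* SAR EDX,10h (arithmetic shift) */
    int32_t sign = (edx < 0) ? 1 : 0;    /* SHR EAX,1F -> the sign bit     */
    return (int32_t)(edx + sign);        /* ADD EDX,EAX                    */
}

/* The whole fragment; returns EDX as it stands at the JLE. The store to
 * [004C1248] only happens when EDX > 0, as the listing shows. */
int32_t step_asm(int32_t ecx)
{
    int32_t q   = magic_div(ecx);        /* 00443C87..00443C99: ecx / 127773 */
    int32_t eax = q * 8 + q;             /* LEA EAX,[EDX*8+EDX]   -> 9q      */
    eax <<= 3;                           /* SHL EAX,03            -> 72q     */
    eax -= q;                            /* SUB EAX,EDX           -> 71q     */
    eax = eax * 4 + eax;                 /* LEA EAX,[EAX*4+EAX]   -> 355q    */
    eax <<= 1;                           /* SHL EAX,1             -> 710q    */
    eax -= q;                            /* SUB EAX,EDX           -> 709q    */
    eax <<= 2;                           /* SHL EAX,02 (times 4)  -> 2836q   */
    int32_t esi = eax;                   /* MOV ESI,EAX                      */
    int32_t rem = ecx % 0x1F31D;         /* CDQ / IDIV ECX: remainder in EDX */
    int32_t edx = rem * 0x41A7;          /* IMUL EDX,EDX,41A7h (16807)       */
    edx -= esi;                          /* SUB EDX,ESI                      */
    if (edx > 0)                         /* TEST EDX,EDX / JLE 00443CD1      */
        g_var = edx;                     /* MOV [004C1248],EDX               */
    return edx;
}

/* The same arithmetic written out: 16807*(v mod 127773) - 2836*(v div 127773).
 * 2836 = ((9*8 - 1)*5*2 - 1)*4, the chain of LEA/SHL/SUB above. */
int32_t step_math(int32_t v)
{
    return 16807 * (v % 127773) - 2836 * (v / 127773);
}

int main(void)
{
    int32_t v = 1;   /* start value, constructed for the demo */
    for (int i = 0; i < 6; i++) {
        int32_t a = step_asm(v), m = step_math(v);
        printf("v=%11ld  asm=%11ld  math=%11ld  %s\n",
               (long)v, (long)a, (long)m, a == m ? "ok" : "MISMATCH");
        v = (a > 0) ? a : v;
    }
    return 0;
}
```

Running it from v = 1 walks the sequence 1, 16807, 282475249, ... and prints "ok" on every step; HalVar's draft differs from this in the shift amount (16, not division by 1024), in the multiplier (2836, not 709/2), in which operand 0x41A7 multiplies (the remainder of the division by 0x1F31D, not Var mod 0x41A7), and in the sign of the final subtraction.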
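Editor's worked example for the secure-chat line format BruSH sketches in issue 268 (#2), with the RC4 that Ghiribizzo mentions in issue 263 as the stream cipher. This C is added here and is not code from BruSH, Ghiribizzo or the list. It implements points b) and c) of the sketch: the outgoing line is encrypted, armored as ASCII and prefixed with a mark; incoming lines that carry the mark are decrypted, everything else passes through untouched. The mark "%%", the choice of hex as the armor, one cipher state per direction (so each line consumes fresh keystream), the constructed key "constructed-demo-key" and all function names are this example's assumptions, not anything the posts specify.

```c
/* Added example (not code from the +HCU list, BruSH or Ghiribizzo): the
 * mark + ASCII-armor + stream-cipher line format from issue 268 (#2),
 * using RC4 as the cipher. MARK, hex armor, per-direction cipher state and
 * all names are this example's own choices. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MARK "%%"   /* assumed prefix; the post's actual mark did not survive */

typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_t;

static void rc4_init(rc4_t *c, const uint8_t *key, size_t klen)
{
    for (int k = 0; k < 256; k++) c->s[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->s[k] + key[k % klen]);
        uint8_t t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR buf with the next len keystream bytes. The state advances, so a
 * sender's state and the matching receiver's state stay in lockstep
 * line by line and no keystream is reused within a session. */
static void rc4_xor(rc4_t *c, uint8_t *buf, size_t len)
{
    for (size_t n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->s[c->i]);
        uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        buf[n] ^= c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

static int hexval(char ch)
{
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

/* Outgoing line -> MARK + hex(RC4(line)). Returns the armored length
 * (without NUL) or -1 if the line or the output buffer is too big/small. */
int seal_line(rc4_t *tx, const char *line, char *out, size_t outsz)
{
    size_t n = strlen(line), ml = strlen(MARK);
    uint8_t buf[256];
    if (n > sizeof buf || outsz < ml + 2 * n + 1) return -1;
    memcpy(buf, line, n);
    rc4_xor(tx, buf, n);
    memcpy(out, MARK, ml);
    for (size_t k = 0; k < n; k++) snprintf(out + ml + 2 * k, 3, "%02x", buf[k]);
    out[ml + 2 * n] = '\0';
    return (int)(ml + 2 * n);
}

/* Incoming line: 1 = carried MARK and was decrypted into out, 0 = no mark,
 * copied through unchanged, -1 = malformed armor (cipher state untouched). */
int open_line(rc4_t *rx, const char *line, char *out, size_t outsz)
{
    size_t ml = strlen(MARK);
    if (strncmp(line, MARK, ml) != 0) {
        if (strlen(line) + 1 > outsz) return -1;
        strcpy(out, line);
        return 0;
    }
    const char *hex = line + ml;
    size_t hl = strlen(hex);
    if (hl % 2 || hl / 2 + 1 > outsz) return -1;
    for (size_t k = 0; k < hl / 2; k++) {
        int hi = hexval(hex[2 * k]), lo = hexval(hex[2 * k + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[k] = (char)(hi << 4 | lo);
    }
    rc4_xor(rx, (uint8_t *)out, hl / 2);
    out[hl / 2] = '\0';
    return 1;
}

int main(void)
{
    const uint8_t key[] = "constructed-demo-key";   /* constructed shared key */
    rc4_t tx, rx;
    rc4_init(&tx, key, sizeof key - 1);
    rc4_init(&rx, key, sizeof key - 1);
    const char *lines[] = { "meet at 9", "meet at 9", "ok" };   /* constructed chat lines */
    char wire[600], plain[300];
    for (int k = 0; k < 3; k++) {
        seal_line(&tx, lines[k], wire, sizeof wire);
        int r = open_line(&rx, wire, plain, sizeof plain);
        printf("%-24s -> [%d] %s\n", wire, r, plain);
    }
    return 0;
}
```

On a channel the receiver needs one rx state per sender (IRC delivers each sender's lines in order over TCP, so the lockstep holds), and anyone without the key gets exactly the "senseless noise" BruSH describes. Two caveats the sketch leaves open: nothing here authenticates a line, so a tampered or wrong-key line decrypts to garbage with the same return code as a good one, and RC4 is used only because it is the cipher the thread already has; its known keystream biases are why a current design would reach for an authenticated cipher instead.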